Top 10 Cybersecurity Best Practices for Hosting in 2017

The healthcare industry was riddled with cybersecurity issues in 2016 as ransomware, human error, IoT flaws and hacking attempts were some of the biggest problem areas.

The good news is that it appears the industry is taking notice and attempting to secure its vulnerabilities. The bad news? There is still a long way to go to protect valuable patient data and keep it out of cybercriminals’ hands.

Here’s what they said organizations need to be doing this year to reduce their vulnerabilities:

1. Risk assessments. “Most organizations have limited funding,” Myers said. “Risk assessments help identify what really needs to be protected, and how to get the best bang for the buck for your security budget.” Further, clear documentation can help security teams plead the case for funding. Hepp added organizations should make recommendations based on assessments to address vulnerabilities.

2. Disaster recovery and contingency plans. An effective plan addresses not only access to medical and billing records but contingencies for email, departments reliant upon the network and departments with high-tech equipment like lab, pharmacy or imaging services, Hepp said. McMillan explained practicing the plan is crucial: “Involve staff, not just IT or managers in exercises, consider worst case scenarios for loss of power, communications, network and others to ensure staff can actually do their job without the system.”

3. Dedicated Sec-Op teams. “Depending on ‘Bob the IT guy’ who is not a security expert to defend a network is not effective,” Scott said. Organizations need a dedicated Sec-Op team to handle security, hunt threats, educate staff on the latest threats and perform pen tests.

4. Business associate/vendor scrutiny. Organizations must thoroughly vet business associates by reviewing vendors’ risk assessments and requiring indemnification provisions and cybersecurity insurance in business associate agreements. For Scott, organizations should pick vendors with a demonstrated track record with ‘security by design’ – a security method that uses continuous testing, authentication safeguards and adherence.

5. Better employee training. “Most companies train once, if at all, and may never revisit the information,” Myers said. “By comparison, most places have fire drills regularly and frequently, so that employees will know without thinking what they need to do in an emergency.” Education also needs to be simplified, to make it easier to understand and commit to memory. According to Hepp, organizations should conduct mock phishing attempts to raise staff awareness. For McMillan, organizations must go deeper: “Computer-based training may be easy, but it is hardly effective,” he said. “Use multiple platforms, but ensure that some methods used involve experiential learning such as tabletops, exercises and tests, among others.”

6. Layered defense. “Many organizations are under the delusion they can detect and respond, and they’re not layering their defenses,” Scott said. “The CISO should be looking at targeted areas where he or she can add to various layers of cyber defense. But there’s still not enough movement in this area.”

7. Improved tech hygiene. System upgrades and patches must be kept up to date and routinely checked to minimize system vulnerabilities and hacking attempts. Hepp explained systems must also be routinely monitored for inappropriate activity. And, as always, back up systems to prepare for ransomware attacks or other system outages. Scott extended this further to “securing equipment within that IoT microcosm, which will thwart a lot of those exploits that are so readily available.”

8. Cybersecurity partnerships. Partnering with the right organizations for resources, expertise, experience and capabilities can assure the success of your cybersecurity strategy, McMillan said. “Areas like risk analysis, testing, incident response, activity monitoring, security analysis are all good candidates for achieving greater efficacy.” Additionally, organizations need to “embrace sharing of cybersecurity information. For example, initiate a local or regional ISAO Standards Organization with other healthcare entities in your region.”
